Java EE 8 Security JSR will have Cloud Improvements

The Java Community Process published details of JSR 375, a redesigned Java EE Security API that includes improvements for implementing security in a cloud environment.

The improvements specifically target the following areas:

User Management: A standardized user service that allows an application to perform user management operations, such as creating, deleting, updating, and grouping users. The user service can manipulate users from a user source (e.g. LDAP, data source, files, embedded) that is changeable per deployment environment, enabling the use of different user sources for development, QA, and production.

Password Aliasing: Standardized support for secure password reference and storage. The password repository would be a secure credentials archive that is self-contained and deployed with the application.

Role Mapping: A standardized role service that allows an application to perform role mapping operations, such as granting, revoking, and querying user and group roles. The role service can manipulate mappings from a role mapper. Role mappers can have mappings originating from resources such as LDAP, data sources, and files. As with user management, the source can be varied per environment.

Authentication: There are three proposed improvements to authentication:

Allowing an application to specify the user and role service.

Allowing each servlet to be configured with different authentication methods within a single web application.

Improving HttpServletRequest.authenticate() so it can be invoked asynchronously.

Alex Kosowski, Senior Member Technical Staff at Oracle, is currently listed as the lead and sole expert on the JSR, but expert nominations are open.

In Oracle's Aquarium blog, GlassFish and Java EE Product Manager David Delabassee wrote that JSR 375 originated from feedback from the Java EE 8 Community Survey. The vote count for security simplification was second only to that for JSR 367 JSONB, the Java API for JSON binding.
